Re: Removing no-dsa entries when releasing a DLA
On Tue, 06 Nov 2018, Moritz Muehlenhoff wrote:
> On Tue, Nov 06, 2018 at 08:16:21PM +0100, Markus Koschany wrote:
> > On 06.11.18 at 20:09, Moritz Muehlenhoff wrote:
> > > Hi,
> > > if you fix any issues which were formerly tagged <no-dsa> in a DLA, make sure
> > > to remove the no-dsa in CVE/list as well, e.g. in the DLA-1568-1 for curl.
> > I was about to do that, as usual, but when someone else does it four
> > minutes after I requested a DLA number and I still work on the commit,
> > then there is not really anything that can be done about it. I suggest
> > being a bit more patient in such cases.
> Yours is just an arbitrary example, there are plenty of other cases where that
> did not happen at all until Salvatore cleaned it up.
Why is that even needed? Can't we improve the security tracker to ignore
those no-dsa tags when the CVE has been fixed? Or have some script to
remove them automatically?
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/